Ensure the password is only hashed in case it's changed on the client - fixes #19950
This commit is contained in:
parent
dc32bf4594
commit
4f5ff9c105
|
@ -116,7 +116,8 @@
|
||||||
|
|
||||||
// TODO: use backbone's default value mechanism once this is a separate model
|
// TODO: use backbone's default value mechanism once this is a separate model
|
||||||
var requiredAttributes = [
|
var requiredAttributes = [
|
||||||
{ name: 'password', defaultValue: '' },
|
{ name: 'password', defaultValue: '' },
|
||||||
|
{ name: 'passwordChanged', defaultValue: false },
|
||||||
{ name: 'permissions', defaultValue: OC.PERMISSION_READ },
|
{ name: 'permissions', defaultValue: OC.PERMISSION_READ },
|
||||||
{ name: 'expiration', defaultValue: this.configModel.getDefaultExpirationDateString() }
|
{ name: 'expiration', defaultValue: this.configModel.getDefaultExpirationDateString() }
|
||||||
];
|
];
|
||||||
|
@ -136,11 +137,16 @@
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
var password = {
|
||||||
|
password: attributes.password,
|
||||||
|
passwordChanged: attributes.passwordChanged
|
||||||
|
};
|
||||||
|
|
||||||
OC.Share.share(
|
OC.Share.share(
|
||||||
itemType,
|
itemType,
|
||||||
itemSource,
|
itemSource,
|
||||||
OC.Share.SHARE_TYPE_LINK,
|
OC.Share.SHARE_TYPE_LINK,
|
||||||
attributes.password,
|
password,
|
||||||
attributes.permissions,
|
attributes.permissions,
|
||||||
this.fileInfoModel.get('name'),
|
this.fileInfoModel.get('name'),
|
||||||
attributes.expiration,
|
attributes.expiration,
|
||||||
|
@ -208,6 +214,7 @@
|
||||||
*/
|
*/
|
||||||
setPassword: function(password) {
|
setPassword: function(password) {
|
||||||
this.get('linkShare').password = password;
|
this.get('linkShare').password = password;
|
||||||
|
this.get('linkShare').passwordChanged = true;
|
||||||
},
|
},
|
||||||
|
|
||||||
addShare: function(attributes, options) {
|
addShare: function(attributes, options) {
|
||||||
|
|
|
@ -775,15 +775,19 @@ class Share extends Constants {
|
||||||
$updateExistingShare = true;
|
$updateExistingShare = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate hash of password - same method as user passwords
|
// Generate hash of password if the password was changed on the client
|
||||||
if (is_string($shareWith) && $shareWith !== '') {
|
if (isset($shareWith['passwordChanged']) && $shareWith['passwordChanged'] === 'true') {
|
||||||
self::verifyPassword($shareWith);
|
$shareWith = $shareWith['password'];
|
||||||
$shareWith = \OC::$server->getHasher()->hash($shareWith);
|
if (is_string($shareWith) && $shareWith !== '') {
|
||||||
|
self::verifyPassword($shareWith);
|
||||||
|
$shareWith = \OC::$server->getHasher()->hash($shareWith);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
// reuse the already set password, but only if we change permissions
|
// reuse the existing password if it was not updated from the client
|
||||||
// otherwise the user disabled the password protection
|
if ($updateExistingShare) {
|
||||||
if ($checkExists && (int)$permissions !== (int)$oldPermissions) {
|
|
||||||
$shareWith = $checkExists['share_with'];
|
$shareWith = $checkExists['share_with'];
|
||||||
|
} else {
|
||||||
|
$shareWith = '';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue